We strive to provide a reliable Registry that secures your information and protects against vulnerabilities. Trust is a core ORCID principle, and it’s vital that the research community has confidence in the Registry. Moving to HTTPS is integral to this, as it keeps the resolution of ORCID iDs hidden from third-party tracking and analytics systems.

We have been migrating the ORCID websites to HTTPS and are now also implementing HTTPS in our API. HTTPS is already required for all API 2.0 calls, and all Member API redirect URIs must be in HTTPS. Doing the same for ORCID iDs is the last step in the process.

When does this take effect?

Later this month we will release our API 2.1, which enables us to support HTTPS ORCID iDs. There will be no other functional changes to API calls or to the XSD. We will simultaneously update the ORCID Trademark and iD Display Guidelines to formalize HTTPS as the default recommended display.

What do I need to do?

If you are currently developing an ORCID integration, we encourage -- but do not require -- you to develop using API 2.1 to enable your workflows to benefit from HTTPS ORCID iDs. In future, display of HTTPS ORCID iDs will be required to obtain a Collect & Connect Display badge.

If you are already displaying ORCID iDs, we recommend that you switch to the HTTPS version of the ORCID iD.

More information, including updated documentation, will be available at launch. In the meantime, if you have any questions, please don’t hesitate to contact us.